There is a great need for convenient, cost effective techniques to securely handle and deliver documents and other items. Existing methods such as express and personal couriers, registered mail, facsimile and electronic mail fulfill some of these needs but these techniques each have their problems and are deficient in important ways.
Trusted Personal Couriers
Perhaps the ultimate in secure document handling is the personal trusted courier. Many of us have seen spy films showing a trusted courier delivering documents containing state secrets. In such scenarios, the document sender places the document or other item into a lockable attaché case. The sender seals and locks the case with a key or combination that only he and the recipient have. The courier handcuffs the case to his or her wrist, boards an airplane and flies to the required destination—all the while carefully guarding the attaché case and its contents. Upon arriving at the destination, the courier personally delivers the case to the intended recipient. The recipient unlocks the case and retrieves its contents, all the while having a high degree of assurance that the contents have been kept secret.
The confidentiality, security and reliability provided by a personal trusted document courier has never really been matched by any other form of document delivery. Even though we sometimes might want or need the services of a personal trusted document courier, it is likely that practical reasons (such as cost and availability) require us to use less trusted forms of delivery for even our most important and confidential documents or other items. Moreover, even the trusted courier technique does not provide a reliable means of later providing how and when the information was used by the recipient and/or subsequently handled by others to whom the recipient may pass the information and what information was actually sent. This approach also cannot provide the degree of interactivity between the sender and the recipient possible in a world of near instantaneous communications, including seamlessly supporting processes related to rights management, and document creation and dissemination.
As discussed below, existing alternatives to the trusted courier are more practical and less expensive, and some offer advantages such as instantaneous communications and interactivity—but all suffer from various disadvantages.
Express Courier Services
Federal Express and other express courier services provide rapid (for example, overnight) delivery services at a relatively high degree of trustedness.
In the typical case, the sender places the items to be delivered into a special, tear resistant sealed envelope, and fills out an “air bill” that lists the sender's name, address and telephone number, and the intended recipient's name, address and telephone number. The “air bill” also lists options such as, for example, the type of delivery service required (i.e., delivery next business morning, next business afternoon, or second business day), whether the sender requires Federal Express to obtain the recipient's signature, the payment method, and a unique “tracking number” used to uniquely identify the package.
Once the package is complete and ready to send, the sender may provide it to Federal Express through a number of different methods:                the sender may take the package to a Federal Express office and personally hand it to a clerk,        the sender may drop the completed envelope in any one of many pervasive Federal Express drop off boxes, and someone will come and collect the envelopes from the boxes sometime before the end of the business day and deliver them to a Federal Express office, or        the sender can call Federal Express and arrange for a delivery person to come and pick up the package.        
Federal Express maintains a fleet of aircraft that shuttle most packages to a central sorting and routing facility for subsequent dispatch to various destinations across the United States and the world. A fleet of delivery trucks deliver the packages from local airports to each recipient. At the sender's option, a delivery person may obtain a recipient's signature at the time she delivers the package—providing documentation that may later be used to prove the package was in fact received by the intended recipient or someone at his or her home or office.
Federal Express uses automated computer tracking and package handling equipment to route individual packages to their destinations. Delivery information is put into the tracking computer to allow customers and service people to automatically retrieve information about when and to whom particular packages were actually delivered, or where the package happens to be at the moment.
Federal Express and other similar document delivery services have been highly successful because they cost-effectively ensure reliable delivery of original documents and other items. Nevertheless, they do have some significant disadvantages and limitations. For example:                They are much more expensive than other delivery mechanisms at least in part because of the high labor, transportation, and infrastructure (many offices, planes, etc.) costs involved.        They do not provide the very high degree of confidentiality desired for certain confidential business or other documents.        They generally can only reliably verify that the package was delivered to the intended recipient (or his or her home or place of business)—and not that the intended recipient opened the package or read or saw or used the document.        The one (or two) day delay they introduce may be too great for time sensitive or time pressing items.        
These problems are exacerbated when several individuals and/or organizations in different geographical locations are all parties to a transaction—a complex, multiparty contract, for example—and all must sign or otherwise process and/or execute one or more related documents.
Registered Mail
A relatively more secure delivery technique is registered mail. Registered mail correspondents can have a high degree of confidence that their packages will arrive at their required destinations—but may not like the time delays and additional expense associated with this special form of mail handling.
To use registered mail, the sender places her document or other items into a sealed envelope or package and takes her package to the nearest Post Office. For security, the Post Office may prohibit the use of resealable tape and mailing labels, and instead require the package to be sealed with paper tape and the address to be written directly on the package. These safeguards help to ensure that any attempts to tamper with the package or its contents will be detected.
The Post Office securely transports the registered mail package to the recipient, requiring each postal employee who accepts custody of the package along its journey to sign and time stamp a custody record. The postal carrier at the recipient's end personally delivers the package to the recipient—who also has to sign for it and may be asked to produce proof of identification. The custody record establishes a chain of custody, listing every person who has had custody of the package on its journey from sender to recipient.
As discussed above, registered mail is relatively secure and confidential but delivery takes a long time and is very labor and infrastructure intensive.
Facsimile
Facsimile is an electronic-based technology that provides virtually instantaneous document delivery. A facsimile machine typically includes a document scanner, a document printer, and electronic circuits that convert document images to and from a form in which they can be sent over a telephone line. Facsimile requires each of the sender and the intended recipient to have a facsimile machine. The sender typically places the document to be sent into a document feeder attached to a facsimile machine. The sender then typically keys in the telephone number of the intended recipient's facsimile machine and presses a “start” button. The sender's facsimile machine automatically dials and establishes contact with the recipient's facsimile machine.
Once a good connection is established, the sender's facsimile machine begins to optically scan the document one page at a time and convert it into digital information bits. The sender's facsimile machine converts the digital bits into a form that can be transmitted over a telephone line, and sends the bits to the intended recipient's facsimile machine. The sender's facsimile machine may also send as part of the document, a “header” on the top of each page stating the sender's identity, the page number of the transmission, and the transmission time. However, these headers can be changed at will by the sender and therefore cannot be trusted.
Since the recipient's facsimile machine receives the transmitted information at the same time the sender's facsimile machine is sending it, delivery is virtually instantaneous. However, sending a document to an unattended facsimile machine in an insecure location may result in the document falling into the wrong hands. Another common scenario is that the facsimile machine operator, through human error, dials the wrong telephone number and ends up delivering a confidential document to the wrong person (for example, the local grocery store down the street, or in some unfortunate cases, the opposing side of a negotiation, legal proceeding or other pitched battle). Thousands of faxes are lost every day in a “black hole”—never arriving at their desired destinations but possibly arriving at completely different destinations instead.                Some secure facsimile machines such as those used by government and military organizations, or by companies needing a significantly higher level of security provide an extra security/authentication step to ensure that the intended recipient is physically present at the receiving facsimile machine before the sender's machine will transmit the document. In addition, it is possible to use encryption to prevent the facsimile transmitted information from being understood by electronic eavesdroppers. However, such specially equipped facsimile machines tend to be very expensive and are not generally available for common commercial facsimile traffic. Moreover, facsimile machines typically can send and receive documents only—and therefore are not very versatile. They do not, for example, handle digital items such as audio, video, multimedia, and executables, yet these are increasingly part and parcel of communications for commerce and other purposes. Thus, despite its many advantages, facsimile transmissions do not provide the very high degree of trustedness and confidence required by extremely confidential documents, nor do they provide the degree of flexibility required by modern digital communications. As with Express Courier Services and Registered Mail, faxing can only indicate that the package was delivered to the intended recipient (or his or her home or place of business)—and not that the intended recipient opened the package or read or saw or used the document.Electronic Mail        
More and more, people are using electronic mail to send documents, messages, and/or other digital items. The “Internet explosion” has connected millions of new users to the Internet. Whereas Internet electronic mail was previously restricted primarily to the academic world, most corporations and computer-savvy individuals can now correspond regularly over the Internet.
Currently, Internet electronic mail provides great advantages in terms of timeliness (nearly instantaneous delivery) and flexibility (any type of digital information can be sent), but suffers from an inherent lack of security and trustedness. Internet messages must typically pass through a number of different computers to get from sender to recipient, regardless of whether these computers are located within a single company on an “Intranet” for example, or on Internet attached computers belonging to a multitude of organizations. Unfortunately, any one of those computers can potentially intercept the message and/or keep a copy of it. Moreover, even though some of these systems have limited “return receipt” capabilities, the message carrying the receipt suffers from the same security and reliability problems as the original message.
Cryptography (a special mathematical-based technique for keeping messages secret and authenticating messages) is now beginning to be used to prevent eavesdroppers from reading intercepted messages, but the widespread use of such cryptography techniques alone will not solve electronic mail's inherent lack of trustedness. These electronic mail messages, documents and other items (e.g., executable computer programs or program fragments) that might have been sent with them as “attachments,” remain vulnerable to tampering and other unauthorized operations and uses once decrypted and while delivery may be reported, actual use can not be demonstrated. Some people have tried to develop “privacy enhanced” electronic mail, but prior systems have only provided limited improvements in reliability, efficiency and/or security.
The Present Inventions Solve these and Other Problems
As discussed above, a wide variety of techniques are currently being used to provide secure, trusted confidential delivery of documents and other items. Unfortunately, none of these previously existing mechanisms provide truly trusted, virtually instantaneous delivery on a cost-effective, convenient basis and none provide rights management and auditing through persistent, secure, digital information protection.
In contrast, the present inventions provide the trustedness, confidentiality and security of a personal trusted courier on a virtually instantaneous and highly cost-effective basis. They provide techniques, systems and methods that can bring to any form of electronic communications (including, but not limited to Internet and internal company electronic mail) an extremely high degree of trustedness, confidence and security approaching or exceeding that provided by a trusted personal courier. They also provide a wide variety of benefits that flow from rights management and secure chain of handling and control.
The present inventions preferred embodiment make use of a digital Virtual Distribution Environment (VDE) as a major portion of its operating foundation, providing unique, powerful capabilities instrumental to the development of secure, distributed transaction-based electronic commerce and digital content handling, distribution, processing, and usage management. This Virtual Distribution Environment technology can flexibly enable a wide variety of new business models and business practices while also supporting existing business models and practices.
The Virtual Distribution Environment provides comprehensive overall systems, and wide arrays of methods, techniques, structures and arrangements, that enable secure, efficient electronic commerce and rights management on the Internet and other information superhighways and on internal corporate networks such as “Intranets”. The present inventions use (and in some cases, build upon and enhances) this fundamental Virtual Distribution Environment technology to provide still additional flexibility, capabilities, features and advantages. The present invention, in its preferred embodiment, is intended to be used in combination a broad array of the features described in Ginter, et al, including any combination of the following:                A. VDE chain of handling and control,        B. security trusted internodal communication,        C. secure database,        D. authentication,        E. cryptographic,        F. fingerprinting,        G. other VDE security and communication techniques,        H. rights operating system,        I. object design and secure container techniques,        J. container control structures,        K. ARPML rights and process control language,        L. electronic negotiation,        M. secure hardware, and        N. smart agent (smart object) techniques.        
For example, parties using the Virtual Distribution Environment can participate in commerce and other transactions in accordance with a persistent set of rules they electronically define. Such techniques, systems and arrangements bring about an unparalleled degree of security, reliability, efficiency and flexibility to electronic commerce, electronic rights management and other important business models. The present inventions make use of these persistent electronic rules to provide secure, automated, cost-effective electronic control for electronic document and other digital item handling and/or delivery, and for the electronic formation and negotiation of legal contracts and other documents.
By way of non-exhaustive summary, these present inventions provide a highly secure and trusted item delivery and agreement execution services providing the following features and functions:                Trustedness and security approaching or exceeding that of a personal trusted courier.        Instant or nearly instant delivery.        Optional delayed delivery (“store and forward”).        Broadcasting to multiple parties.        Highly cost effective.        Trusted validation of item contents and delivery.        Value Added Delivery and other features selectable by the sender and/or recipient.        Provides electronic transmission trusted auditing and validating.        Allows people to communicate quickly, securely, and confidentially.        Communications can later be proved through reliable evidence of the communications transaction—providing non-repudiatable, certain, admissible proof that a particular communications transaction occurred.        Provides non-repudiation of use and may record specific forms of use such as viewing, editing, extracting, copying, redistributing (including to what one or more parties), and/or saving.        Supports persistent rights and rules based document workflow management at recipient sites.        System may operate on the Internet, on internal organization and/or corporate networks (“Intranets” irrespective of whether they use or offer Internet services internally), private data networks, and/or using any other form of electronic communications.        System may operate in non-networked and/or intermittently networked environments.        Legal contract execution can be performed in real time, with or without face to face or ear-to-ear personal interactions (such as audiovisual teleconferencing, automated electronic negotiations, or any combination of such interactions) for any number of distributed individuals and/or organizations using any mixture of interactions.        The items delivered and/or processed may be any “object” in digital format, including, but not limited to, objects containing or representing data types such as text, images, video, linear motion pictures in digital format, sound recordings and other audio information, computer software, smart agents, multimedia, and/or objects any combination of two or more data types contained within or representing a single compound object.        Content (executables for example) delivered with proof of delivery and/or execution or other use.        Secure electronic containers can be delivered. The containers can maintain control, audit, receipt and other information and protection securely and persistently in association with one or more items.        Trustedness provides non-repudiation for legal and other transactions.        Can handle and send any digital information (for example, analog or digital information representing text, graphics, movies, animation, images, video, digital linear motion pictures, sound and sound recordings, still images, software computer programs or program fragments, executables, data, and including multiple, independent pieces of text; sound clips, software for interpreting and presenting other elements of content, and anything else that is electronically representable).        Provides automatic electronic mechanisms that associate transactions automatically with other transactions.        System can automatically insert or embed a variety of visible or invisible “signatures” such as images of handwritten signatures, seals, and electronic “fingerprints” indicating who has “touched” (used or other interacted with in any monitorable manner) the item.        System can affix visible seals on printed items such as documents for use both in encoding receipt and other receipt and/or usage related information and for establishing a visible presence and impact regarding the authenticity, and ease of checking the authenticity, of the item.        Seals can indicate who originated, sent, received, previously received and redistributed, electronically view, and/or printed and/or otherwise used the item.        Seals can encode digital signatures and validation information providing time, location, sender and/or other information and/or providing means for item authentication and integrity check.        Scanning and decoding of item seals can provide authenticity/integrity check of entire item(s) or part of an item (e.g., based on number of words, format, layout, image—picture and/or text—composition, etc.).        Seals can be used to automatically associate electronic control sets for use in further item handling.        System can hide additional information within the item using “steganography” for later retrieval and analysis.        Steganography can be used to encode electronic fingerprints and/or other information into an item to prevent deletion.        Multiple steganographic storage of the same fingerprint information may be employed reflecting “more” public and “less” public modes so that a less restricted steganographic mode (different encryption algorithm, keys, and/or embedding techniques) can be used to assist easy recognition by an authorized party and a more private (confidential) mode may be readable by only a few parties (or only one party) and comprise of the less restricted mode may not affect the security of the more private mode.        Items such as documents can be electronically, optically scanned at the sender's end—and printed out in original, printed form at the recipient's end.        Document handlers and processors can integrate document scanning and delivery.        Can be directly integrated into enterprise and Internet (and similar network) wide document workflow systems and applications.        Secure, tamper-resistant electronic appliance, which may employ VDE SPUs, used to handle items at both sender and recipient ends.        “Original” item(s) can automatically be destroyed at the senders end and reconstituted at the recipient's end to prevent two originals from existing simultaneously.        Secure, non-repudiable authentication of the identification of a recipient before delivery using any number of different authentication techniques including but not limited to biometric techniques (such as palm print scan, signature scan, voice scan, retina scan, iris scan, biometric fingerprint and/or handprint scan, and/or face profile) and/or presentation of a secure identity “token.”        Non-repudiation provided through secure authentication used to condition events (e.g., a signature is affixed onto a document only if the system securely authenticates the sender and her intention to agree to its contents).        Variety of return receipt options including but not limited to a receipt indicating who opened a document, when, where, and the disposition of the document (stored, redistributed, copied, etc.). These receipts can later be used in legal proceedings and/or other contexts to prove item delivery, receipt and/or knowledge.        Audit, receipt, and other information can be delivered independently from item delivery, and become securely associated with an item within a protected processing environment.        Secure electronic controls can specify how an item is to be processed or otherwise handled (e.g., document can't be modified, can be distributed only to specified persons, collections of persons, organizations, can be edited only by certain persons and/or in certain manners, can only be viewed and will be “destroyed” after a certain elapse of time or real time or after a certain number of handlings, etc.)        Persistent secure electronic controls can continue to supervise item workflow even after it has been received and “read.”        Use of secure electronic containers to transport items provides an unprecedented degree of security, trustedness and flexibility.        Secure controls can be used in conjunction with digital electronic certificates certifying as to identity, class (age, organization membership, jurisdiction, etc.) of the sender and/or receiver and/or user of communicated information.        Efficiently handles payment and electronic addressing arrangements through use of support and administrative services such as a Distributed Commerce Utility as more fully described in the copending Shear, et al. application.        Compatible with use of smart cards, including, for example, VDE enabled smart cards, for secure personal identification and/or for payment.        Transactions may be one or more component transactions of any distributed chain of handling and control process including Electronic Data Interchange (EDI) system, electronic trading system, document workflow sequence, and banking and other financial communication sequences, etc.        
The present inventions also provide for the use of a trusted third party electronic go-between or intermediary in various forms, including the “virtual presence” of such go-between through the rules and controls it contributes for distributed governance of transactions described in the present invention, and further through the use of a distributed, go-between system operating in on-line and/or off-line modes at various user and/or go-between sites. Such a trusted third-party go-between can provide enhanced and automated functionality, features and other advantages such as, for example:                Third party go-between can provide an independent, objective third party assurance of item authenticity, integrity, delivery and/or other actions and/or events.        Third party go-between can support non-repudiation of items having legal and/or other important consequences.        Third-party go-between can perform auditing, notarizing, authentication, integrity checking, archiving, routing, distributed chain of handling and control processing, and/or other processing.        Third party can provide store and forward capabilities.        Trusted go-between can supervise execution of legal items such as documents—ensuring that all required conditions are satisfied and that all parties agree before permitting a document to be executed and informing parties of any as-yet-unsatisfied requirements and allow parties to view completed documents on-screen and/or in printed form with “draft, not enforceable” or the like printed on the pages, before final agreement to commit. Actual execution (closing) occurs, for example, as the third party system verifies final, electronically asserted agreement and execution by all parties. Such “atomic” transactions are especially useful in supporting “closings” or the like.        Third party go-between can securely audit, manage, supervise, and/or control automated electronic negotiations, contract agreement, contract execution, contract notariziation, and/or archiving of contracts, notarized contracts, and/or at least one VDE control set utilized in an electronic negotiation regardless whether or not that negotiation resulted in an executed contract, and regardless of whether or not the entire negotiation was conducted by electronic means.        Secure electronic controls can direct tasks to be performed by the third party go-between.        Third party go-between can provide a digital time stamp service to certify that a certain version of a certain document existed and was delivered to it at a certain day and time.        Third party go-between can legally notarize the item(s) if desired, and can also “notarize” electronic control structures associated with the item(s).        Third party go-between can authenticate an item by, for example, opening (e.g. decrypting content) one or more containers; digitally or otherwise “signing” one or more items to indicate the third party has seen the item(s); verifying the integrity of the item(s) (e.g., using a one way hash function); affixing its own distinctive seal and/or other information to the item; generating audit information for item tracking purposes; and collecting payment based on the services it has performed.        Third party go-between can maintain a secure archive of the item(s) and/or identification/authentication information associated with the item(s) (e.g., a “one way hash” value of item contents or portions thereof). A portion or all of such archive (e.g., a “one way hash”) may be stored within the affixed, visible seal applied described above.        Go-between can also serve as an archive of controls relating to certain items or item types (e.g., to allow a sender to access common controls and/or templates from any of various electronic appliances).        Secure electronic controls can provide a message digest that can be delivered to and registered by a trusted go-between as part of the object registry/archiving process.        Third party go-between can deliver item(s) to an intended recipient, or simply oversee the delivery transaction as an impartial third party observer.        Trusted go-between can deliver a copy and/or the original of an item with or without a seal affixed by the go-between.        Trusted third party go-between can maintain or exert control over an item, distributed chain of handling and control process(s), and/or other processes or workflow associated with it.        Trusted go-between can support governmental regulatory requirements by acting as a cryptographic key repository for encrypted communications; such secure communications may be accessed by governmental authorities, for example, through a warrant process to provide court or otherwise mandated access to specific communications or communications related information (e.g., for encrypted communications employing long key lengths).        Trusted go-between can act as a user rights authority clearinghouse for additional and/or alternative rights which may, for example, be available to particular classes, specific users, at a certain cost, or as specified by the sender. Trusted go-between may also mediate between sender(s) and recipient(s) in response to recipient's request for new, different and/or modified rights or sender's and/or receiver's request for third party archived information (which may require the agreement by only one, expressly either one, or both sender(s) and recipient(s).        In addition to multiple individuals and/or parties in several organizations, a trusted go-between may also provide services to parties within a single organization, thus enhancing the security, reliability, auditability, authentication, efficiency, and timeliness of secure document delivery and secure transaction facilitation within a given organization.        Trusted go-between may provide services both on public networks, such as the Internet, on internal corporate networks (“Intranets”—irrespective of whether or not they use Internet type conventions), and on private networks connecting two or more individuals and/or organizations exchanging documents and other content in digital format and/or participating together in various transactions.        A third party go-between can provide a communications switching integration. For example, a communications service provider may automatically provide the go-between services for a connection. For example, certain telephone numbers might be offered that have these services built in to the switching network, or a special dialing sequence might be used to access a communications channel with these characteristics. This can provide data links for networks, or be integrated with traditional fax lines, or even voice lines. For example, a fax transmission might be archived, have a seal inserted during transmission, and/or have a hash value stored for later reference. A voice transmission could be similarly managed. Both of these examples have the advantage of compatibility with the existing infrastructure (albeit at the cost of lacking persistent control after delivery). Using this infrastructure for data links has the added advantage of transparency.        A third party go-between can provide Transaction Authority services as described in the copending concurrently filed Ginter et al patent application.        